Each business has its own risk priorities. This could be anything from social media, cyber security and terrorism to internal strategies, new technology and competition. Some will be short term and others will focus on future planning.
Risk management should support the company’s risk appetite, current working practices, and internal culture and should not be a barrier to doing work. The processes put in place, as well as the risk management information system used needs to be practical, simple and not restrictive.
For example, in insurance, underwriters and actuaries can’t take weeks to give a quote to brokers or policyholders or be too restricted on what they can value, or they simply couldn’t do their jobs. The same principles apply to things like social media. Being too restrictive on the process for sharing news externally or interacting with customers, suppliers and the industry could mean missed opportunities and poor publicity due to slow responses.
Creating corporate culture
Although it is often thought that HR should be responsible for creating and managing corporate culture, it is really a joint effort between leadership and all departments. Risk managers need to work with the management team, HR and internal communications leaders to create the culture (i.e. how to implement it) and Legal, Compliance, IT etc for what needs to shape the (risk) culture. Our article ‘Should Risk Managers be at the forefront of creating company culture?’ explores this further.
The difference between high and low performing companies
Having seen high and low performing companies in action, a good culture is key to success. Teams talking, sharing and working together gets things done, and avoids the disarray of silos and competition. This all begins from the top. The leader sets the right values and working atmosphere. When the culture is right, risk management processes can easily be designed and implemented.
Although the culture comes from the leader and the values, it is the people that make it happen. Good communication channels and regular company updates, simple company structure and clear company direction all support teams working together. A good culture motivates staff to do their job well and ensures they understand the importance of following the risk management processes. Obviously, employing the right people also plays a part.
Risk management is an evolving process
As mitigating risk is all very process driven, it can be easy to get carried away. Here are a few important things to remember:
A robust risk management framework is flexible – it evolves and develops as the company, and risks, change. So if a sign off process is too complex, a new risk is identified or the risk appetite is becoming restrictive, it can and should be changed.
Risk appetite should support business and not stifle it – the risk appetite should be based on what the company is willing to lose in order to grow and prosper, and not avoiding risks at all costs.
Employees without restrictive processes are more productive – if you have a team moaning about or avoiding doing paperwork because it is too hard, reflect on the processes. Does the team need more training or communication about the importance of risk management, or do the processes simply need to be amended?
A good risk management information system will support company growth – using one system that is tailored to a company’s specific needs means all the risk data is up-to-date, correct and in one place – everything needed to successfully manage risk throughout the business.
Risk management is designed to identify possible catastrophes and have back-up plans for all eventualities. It is not meant to prevent employees from doing their jobs or create a negative, unproductive culture. So, if you are a risk manager and you are helping to create and cascade the corporate culture, it is worth bearing in mind that your job will be much easier if you choose simple (but effective) processes, a robust risk management information system and a risk appetite that does not make doing business difficult.
Territory Manager, UK & Ireland
t 44 (0) 20 3817 7405
Feb 6, 2018
| Originally posted on